How to disable CORS in Spring Cloud Gateway?

0
votes

I want to call a POST request from my front-end application, however in console i see:

Access to XMLHttpRequest at 'http://localhost:9090/authenticate' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

In my application.yml:

spring:
  application:
    name: gateway-service
  cloud:
    gateway:
      globalcors:
        corsConfigurations:
          '[/**]':
            allowedOrigins: "localhost:3000"
            allowedMethods:
              - POST

However this is not working, i am using HOXTON.RELEASE spring-cloud version, i don't have spring security dependency in my pom.xml file.

1
corsspring-webfluxspring-cloud-gateway

1 Answers

1
votes

Ok i found the solution, globalcors section in application.yml may be deleted. What you have to implement is:

@Configuration
public class CORSConfiguration implements WebFluxConfigurer {
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**")
                .allowCredentials(true)
                .allowedOrigins("*")
                .allowedHeaders("*")
                .allowedMethods("*")
                .exposedHeaders(HttpHeaders.SET_COOKIE);
    }

    @Bean
    public CorsWebFilter corsWebFilter() {
        CorsConfiguration corsConfiguration = new CorsConfiguration();
        corsConfiguration.setAllowCredentials(true);
        corsConfiguration.addAllowedHeader("*");
        corsConfiguration.addAllowedMethod("*");
        corsConfiguration.addAllowedOrigin("*");
        corsConfiguration.addExposedHeader(HttpHeaders.SET_COOKIE);
        UrlBasedCorsConfigurationSource corsConfigurationSource = new UrlBasedCorsConfigurationSource();
        corsConfigurationSource.registerCorsConfiguration("/**", corsConfiguration);
        return new CorsWebFilter(corsConfigurationSource);
    }
}